Edit required_fields field for custom rules in UI and API #5131

Closed
3 tasks done
Tracked by #174168
nikitaindik opened this issue Apr 26, 2024 · 1 comment
Labels
Docset: ESS Issues that apply to docs in the Stack release Docset: Serverless Issues for Serverless Security Feature: Rules Team: Detections/Response Detections and Response v8.15.0

Comments

@nikitaindik
Contributor

nikitaindik commented Apr 26, 2024

Description

This documentation request is basically a clone of the "related_integrations" documentation request, but for "required_fields".

We are wrapping up the work on the PR that adds the ability to add and edit a rule's required fields. "Required fields" is an optional field that shows the user which Elasticsearch fields are needed for the rule to run properly. Currently, required fields are hardcoded in Elastic prebuilt rules. Once this PR is merged, users will be able to modify required fields for custom rules.

Background & resources

Which documentation set does this change impact?

ESS and serverless

ESS release

8.15

Serverless release

Mon, May 20, 2024

Feature differences

The feature is identical in ESS and Serverless.

API docs impact

The feature touched existing rule management endpoints. All endpoints will accept required fields as well as return them. The following APIs are affected:

  • Get rule GET /api/detection_engine/rules
  • Create rule POST /api/detection_engine/rules
  • Update rule PUT /api/detection_engine/rules
  • Patch rule PATCH /api/detection_engine/rules
  • Find rules GET /api/detection_engine/rules/_find
  • Bulk create rules POST /api/detection_engine/rules/_bulk_create (endpoint is deprecated)
  • Bulk update rules PUT /api/detection_engine/rules/_bulk_update (endpoint is deprecated)
  • Bulk patch rules PATCH /api/detection_engine/rules/_bulk_update (endpoint is deprecated)
  • Bulk actions POST /api/detection_engine/rules/_bulk_action
    • Edit rules
    • Export rules
    • Import rules
    • Rule response from bulk operations
  • Import rules POST /api/detection_engine/rules/_import
  • Export rules POST /api/detection_engine/rules/_export

Prerequisites, privileges, feature flags

No special requirements


Tasks

@banderror banderror added Team: Detections/Response Detections and Response Feature: Rules Docset: Serverless Issues for Serverless Security Docset: ESS Issues that apply to docs in the Stack release v8.15.0 labels Apr 26, 2024
@joepeeples joepeeples changed the title [Request] Ability to edit required_fields field for custom rules in UI and API Edit required_fields field for custom rules in UI and API Apr 29, 2024
@nikitaindik
Contributor Author

Hi @joepeeples! Just wanted to gently remind you about the classic docs PR we need for the v8.15 release :) Thanks!
